Hey guys,
I’m having login issues with persistent cookies , this happens when one node of the cluster restarts and some users will not be able to login. i think its due to the restart , cookie in the client browser is no longer valid . Can this be fixed using cookie JSESSIONID prefix nocache ? or expiry ? appreciate your help.
global
log stdout format raw local0 info
pidfile /run/haproxy.pid
daemon
# Default SSL material locations
ca-base /etc/ssl/certs
crt-base /etc/ssl/private
# Default ciphers to use on SSL-enabled listening sockets.
# For more information, see ciphers(1SSL). This list is from:
# https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
ssl-default-bind-options no-sslv3
tune.ssl.default-dh-param 2048
defaults
log global
mode http
option httplog
option dontlognull
timeout connect 60000
timeout client 50000
timeout server 50000
listen stats
bind *:1936
stats enable
stats uri /
stats hide-version
stats auth admin:admin
frontend http-frontend
bind *:80
bind *:443 ssl crt /server.pem
redirect scheme https if !{ ssl_fc }
mode http
default_backend http-backend
resolvers localdns
parse-resolv-conf
hold valid 5s
backend http-backend
mode http
balance roundrobin
default-server inter 2s fastinter 2s downinter 2s fall 3 rise 2
option forwardfor
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }
cookie JSESSIONID prefix
default-server resolvers localdns
option httpchk HEAD /ha/health HTTP/1.0
server-template node1 1 ${BACKEND_NODE1} check cookie node1
server-template node2 1 ${BACKEND_NODE2} check cookie node2